Re: (ITS#3673) ldapsearch -y

The behavior of -y is as intended, and as documented:
  -y passwdfile   Use complete contents of passwdfile as the
                   password for simple authentication.

Your request to change the behavior of -y is rejected as
any such change would 1) create backwards compatibility
issues and 2) limit functionality.


At 12:24 PM 4/20/2005, morgan@lysator.liu.se wrote:
>Full_Name: Morgan Nilsson
>Version: 2.2.13-2
>OS: Fedora Core 3
>Submission from: (NULL) (
>"ldapsearch -y /etc/ldap.secret" should be able to handle newline in
>/etc/ldap.secret because pam_ldap requires a newline.
>How to reproduce:
>0. Set up your system to use LDAP for authentication.
>1. Create a user "foobar" in LDAP.
>2. Stop nscd (just to be sure we query LDAP)
>Version 1: pam_ldap works with newline in /etc/ldap.secret, but not ldapsearch
>3. Make sure /etc/ldap.secret ends in a newline.
>4. id foobar
>5. ldapsearch -y /etc/ldap.secret ... (uid=foobar)... => 
>ldap_bind: Invalid credentials (49)
>Version 2: ldapsearch -y works with newline in /etc/ldap.secret, but not
>6. Make sure /etc/ldap.secret does not end in a newline.
>7. id foobar
>id: foobar: No such user
>8. ldapsearch -y /etc/ldap.secret ... (uid=foobar)... => 
>(search result OK)
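
Because -y sends the complete contents of the file, what matters in the report above is whether the file's last byte is a newline. The shell example below is added here and is not from the thread or from OpenLDAP: it checks that byte and writes a newline-free copy with mode 0600 for use with -y. The function names, file names and sample secret are constructed, and keeping a separate copy for ldapsearch is an assumed workaround, not something either message proposes.

```shell
#!/bin/sh
# Added example; function names, file names and the sample secret are constructed.

# Succeed if the last byte of file $1 is LF (0x0a).
ends_with_newline() {
    [ -s "$1" ] || return 1
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Copy $1 to $2 minus at most one trailing LF, creating $2 with mode 0600.
# head -c is used because $(cat file) would strip every trailing newline,
# including ones that really are part of the password.
write_bind_copy() {
    src=$1; dst=$2
    size=$(wc -c < "$src" | tr -d ' ')
    (
        umask 077
        rm -f "$dst"    # recreate so an old, looser mode is not kept
        if ends_with_newline "$src"; then
            head -c "$((size - 1))" "$src" > "$dst"
        else
            cat "$src" > "$dst"
        fi
    )
}

# Demo on a constructed secret in a private temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'S3cret-example\n' > "$dir/with_nl"   # what echo or an editor writes
    write_bind_copy "$dir/with_nl" "$dir/bind_pw"
    for f in "$dir/with_nl" "$dir/bind_pw"; do
        if ends_with_newline "$f"; then
            echo "${f##*/}: trailing newline, -y sends it as part of the password"
        else
            echo "${f##*/}: no trailing newline, -y sends the password as written"
        fi
    done
    rm -rf "$dir"
}
demo
```
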